“style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/”。 'unsafe-inline' 关键字,一个散列
[英]"style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/". Either the 'unsafe-inline' keyword, a hash
问题描述
I have a webpage hosted on jenkins server.
我在 jenkins 服务器上托管了一个网页。
I saw that in the latest jenkins update there was我看到在最新的詹金斯更新中有
So I have read this fantastic post on how to bypass this restriction所以我已经阅读了这篇关于如何绕过这个限制的精彩文章
I have added this <meta> to my page我已将此<meta>添加到我的页面
but i keep on getting console errors:但我不断收到控制台错误:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/ ".拒绝应用内联样式,因为它违反了以下内容安全策略指令:“style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/ ”。 Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution.启用内联执行需要“unsafe-inline”关键字、哈希(“sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=”)或随机数(“nonce-...”)。
<head>
<title>Bidi: unknown bl version vs. 1.0.487</title>
<meta content="text/html; charset=utf-8 ;" http-equiv="content-type">
<meta content="style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy"><meta content="script-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy"><meta content="default-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css"><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css"><script type="script" src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script><link rel="icon" href="/jenkins/view/QA/job/RoutingRegression/ws/src/main/resources/html_pages/images/favicon.png" type="image/gif" sizes="16x16"><link rel="stylesheet" href="/RoutingRegression/html_pages/css/delta_samples.css">
</head>
2 个解决方案
解决方案1
0 已采纳 2016-05-04 13:08:12
I think you should read this fantastic post I fully relaxed my Jenkins config by using我认为你应该阅读这篇精彩的文章,我通过使用完全放松了我的 Jenkins 配置
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
解决方案2
0 2020-11-30 17:17:52
Add 'unsafe-inline' attribute to the metadata.向元数据添加“unsafe-inline”属性。
<meta content="style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy">
<meta content="script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/" http-equiv="Content-Security-Policy">
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.